When b13/container is installed alongside content_defender, moving content elements via the list module (up/down arrows) fails with:
The command "move" for record "..." couldn't be executed due to disallowed value(s).
Steps to reproduce
- Install
b13/container and content_defender
- Configure two different backend layouts with different allowed CTypes (e.g. "Homepage" allows only
textpic, "Subpage" allows text)
- Create a page using the "Subpage" backend layout
- Add a content element with a CType that is allowed on "Subpage" but not on "Homepage" (e.g.
text)
- Open the page in the list module
- Try to move the element up or down using the sorting arrows
- The move fails with "disallowed value(s)"
Note: The same move works fine via drag & drop in the page module.
Root cause
b13/container rewrites all simple move commands (e.g. ['move' => -12345]) into paste commands in its CommandMapBeforeStartHook::rewriteSimpleCommandMap(). For elements that have no relation to containers, the resulting command looks like:
['move' =>
[
'action' => 'paste',
'target' => -12345,
'update' => []
]
];In CmdmapDataHandlerHook::processCmdmap_beforeStart() (line 64-75), the code checks:
if (is_array($value)
&& !empty($value['action'])
&& 'paste' === $value['action']
&& isset($value['update']['colPos']) // <-- false, because update is empty
) {
$command = 'paste';
$pageId = (int)$value['target'];
$colPos = (int)$value['update']['colPos'];
} else {
$pageId = (int)$value; // <-- (int) on an array = 1 in PHP
$colPos = (int)$currentRecord['colPos'];
}Since update is empty, isset($value['update']['colPos']) is false. The code falls into the else branch where (int)$value casts the array to 1. This causes content_defender to resolve the backend layout for page ID 1 (root page) instead of the actual page. The error occurs when the element's CType is not in the allowed list for page ID 1's backend layout — even though it is perfectly valid on the page where the move is actually happening.
This is not a bug in content_defender itself (without b13/container installed, everything works as expected). Since both extensions are widely used in the TYPO3 ecosystem, it would be great if this issue can be fixed.
Environment
- TYPO3 13.4.27
- content_defender 3.5.3
- b13/container 3.2.3 (3.2.2 works fine)
When
b13/containeris installed alongsidecontent_defender, moving content elements via the list module (up/down arrows) fails with:Steps to reproduce
b13/containerandcontent_defendertextpic, "Subpage" allowstext)text)Note: The same move works fine via drag & drop in the page module.
Root cause
b13/containerrewrites all simple move commands (e.g.['move' => -12345]) into paste commands in itsCommandMapBeforeStartHook::rewriteSimpleCommandMap(). For elements that have no relation to containers, the resulting command looks like:In
CmdmapDataHandlerHook::processCmdmap_beforeStart()(line 64-75), the code checks:Since
updateis empty,isset($value['update']['colPos'])isfalse. The code falls into theelsebranch where(int)$valuecasts the array to1. This causes content_defender to resolve the backend layout for page ID 1 (root page) instead of the actual page. The error occurs when the element's CType is not in the allowed list for page ID 1's backend layout — even though it is perfectly valid on the page where the move is actually happening.This is not a bug in content_defender itself (without b13/container installed, everything works as expected). Since both extensions are widely used in the TYPO3 ecosystem, it would be great if this issue can be fixed.
Environment